Three-quarters of consumers say organizations don’t care about protecting their data

While always in the news, the issue of information security has taken on greater urgency in recent months, due in part to a rash of high-profile data breaches. Brand-name retailer Target is still reeling from a series of revelations about the theft of confidential information late last year, with private data on some 100 million customers compromised. Neiman-Marcus, Michaels Stores, Adobe and White Lodging, among others, have also faced data breach issues. Beginning in mid 2013, unauthorized data theft of a different kind began hitting the headlines when it was revealed that Edward Snowden, a low-level contractor with the National Security Administration (NSA), was using his access privileges to illegally obtain huge amounts of classified information on government programs.

This survey, conducted by HyTrust, reveals the extent of the public’s unease with the level of data protection they want or expect. Most large organizations claim to have ironclad security measures in place, guided by strict industry guidelines and compliance mandates. Yet, as the poll results demonstrate, most consumers don’t have the confidence needed to ensure smooth business operations.

“A survey like this is basically a snapshot in time, not a full measure of public opinion, but the high level of distrust is still breathtaking,” said Eric Chiu, co-founder and president of HyTrust. “Many organizations maintain that they’re doing everything they can to protect private customer information, but the public at large believes otherwise. And in industries where data security is vital—retail, financial services and healthcare, for example—this lack of confidence will inevitably have a negative impact on the bottom line.”

Concerns about security are also being heightened by the ongoing mass-migration to cloud computing and virtualized infrastructures. While offering significant benefits ranging from far greater flexibility and scalability to cost reductions, there are also persistent questions about data security and privacy. The concentration of systems, networks and data naturally carries with it a concentration of risk. There have already been numerous cases of data theft and system crashes, in part because of the wide level of access granted to enable routine business operations. In fact, many of the major problems that have emerged recently stemmed from inside the organization, or by privilege hijacking or stolen credentials, and once the bad guys gain access this way, they look exactly the same as the good guys.

“Cloud security is not a simple or single issue—these are complex infrastructures with multiple levels of entry and egress, and ensuring the sanctity of the data requires a comprehensive strategy rather than a jumble of technologies and policies,” Chiu noted. “At HyTrust, we believe that optimal defense in the cloud needs to be based on a layered security approach involving five key areas, or requirements, as advised by industry experts and analysts. They are: Control and Visibility; Reporting and Management; Network and Endpoint Security; Data Security; and Platform Conditioning and Hardening. These combine to create a full-scale security strategy to secure systems end-to-end; stop breaches and misconfigurations; provide role-based monitoring to detect when bad things are happening and reduce the threat window; and encrypt data to make it unusable in the case someone gets past safeguards. Without these measures in place, organizations will continue to see the kind of erosion in consumer trust that this poll reveals.”